<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 10/6/21 22:50, Tor Relays wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAHTJAwGNHHBZtTExdyjr5FdigihvfZaMe4dkYDgiguP2zFrfaQ@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">On Tue, Jun 08, 2021 at
01:56:33PM +0200, Tor Relays wrote:<br>
And Tor exits are particularly susceptible to getting put on
these kind<br>
of blocklists, because all it takes is one person trying to
connect to the<br>
honey address, and bam the exit relay's IP address gets on
the blocklist.<br>
<br>
--Roger<br>
</blockquote>
<div> </div>
<div>This would explain it when the relay in question would be
an exit relay, but it is an ordinary relay. <br>
<br>
</div>
<div>Maybe it impacts your own trust level when you frequently
connect to IPs with a bad reputation (e.g. exits).<br>
</div>
</div>
</div>
</blockquote>
<p>Or maybe they flagged as suspicious the activity towards port
9001? Maybe it's worth the effort to debug this by only accepting
tor circuits involving downstream relays over port 443 for some
time so as to see if G-Core Labs whitelists you again? (No idea
how to actually do this.) This could mean an additional point to
encourage people to deploy relays on port 443.</p>
<p>Also, maybe someone is running a relay on port 25/465/587/whatnot
and that is what triggered G-Core Labs alarms? I don't know how to
find this with relay search. Orport shows in the results but
searches for orport:NNN will fail.<br>
</p>
<blockquote type="cite"
cite="mid:CAHTJAwGNHHBZtTExdyjr5FdigihvfZaMe4dkYDgiguP2zFrfaQ@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">When they don't provide any information
it's only speculation<br>
</div>
</div>
</blockquote>
<p>That's it :(</p>
<p>Salut<br>
</p>
</body>
</html>